Beyond a solid knowledge in using various security features of .NET and ASP.NET, even for experienced programmers it is essential to have a deep knowledge in Web-related vulnerabilities both on server and client side along with the consequences of the various risks.

In this course the general web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of ASP.NET. A special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.

Even experienced Java programmers are not mastering by all means the various security services offered by Java, and are likewise not aware of the different vulnerabilities that are relevant for Web applications written in Java.

The course – besides introducing security components of Standard Java Edition – deals with security issues of Java Enterprise Edition (JEE) and Web services. Discussion of specific services is preceded with the foundations of cryptography and secure communication. Various exercises deal with declarative and programmatic security techniques in JEE, while both transport-layer and end-to-end security of Web services is discussed. The use of all components is presented through several practical exercises, where participants can try out the discussed APIs and tools for themselves.

Beyond a solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in Web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for Web applications written in Java, and the consequences of the various risks.

General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.

A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation.

Beyond a solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in Web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for Web applications written in Java, and the consequences of the various risks.

General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.

The training explains in details the mechanisms underlying typical C/C++ security relevant programming bugs – the common security vulnerabilities. The root causes of the problems are explained through a number of easy-to-understand source code examples, which at the same time make clear how to find and correct these problems in practice. The real strength of the course lays in numerous hands-one exercises, which help the participants understand how easy it is to exploit these vulnerabilities by the attackers.

Serving teams that use managed code (.NET and ASP.NET typically written in C#) together with native code development (typically C/C++), this training gives a comprehensive overview of the security issues in both environments.

Concerning C/C++, common security vulnerabilities are discussed, backed by practical exercises about the attacking methods that exploit these vulnerabilities, with the focus on the mitigation techniques that can be applied to prevent the occurrences of these dangerous bugs, detect them before market launch or prevent their exploitation.

To serve in the best way heterogeneous development groups that are using various platforms simultaneously during their everyday work, we have merged various topics into a combined course that presents diverse secure coding subjects in didactic manner on a single training event. This course combines C/C++ and Java platform security to provide an extensive, cross-platform secure coding expertise.

Both Java and .NET development environments provide powerful means for security development, but developers should know how to apply the various architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities.

Providing hands-on knowledge, the course contains numerous exercises on how to use various APIs and tools to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide secured remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more.

Even experienced programmers do not master by all means the various security services offered by their development platforms, and are likewise not aware of the different vulnerabilities that are relevant for their developments. This course targets developers using both Java and PHP, providing them essential skills necessary to make their applications resistant to contemporary attacks through the Internet.

Levels of Java security architecture are walked through by tackling access control, authentication and authorization, secure communication and various cryptographic functions. Various APIs are also introduced that can be used to secure your code in PHP, like OpenSSL for cryptography or HTML Purifier for input validation. On server side, best practices are given for hardening and configuring the operating system, the web container, the file system, the SQL server and the PHP itself, while a special focus is given to client-side security through security issues of JavaScript, Ajax and HTML5.

The Combined SDL core training gives an insight into secure software design, development and testing through Microsoft Secure Development Lifecycle (SDL). It provides a level 100 overview of the fundamental building blocks of SDL, followed by design techniques to apply to detect and fix flaws in early stages of the development process.

The course provides essential skills for PHP developers necessary to make their applications resistant to contemporary attacks through the Internet. Web vulnerabilities are discussed through PHP-based examples going beyond the OWASP top ten, tackling various injection attacks, script injections, attacks against session handling of PHP, insecure direct object references, issues with file upload, and many others. PHP-related vulnerabilities are introduced grouped into the standard vulnerability types of missing or improper input validation, incorrect error and exception handling, improper use of security features and time- and state-related problems. For this latter we discuss attacks like the open_basedir circumvention, denial-of-service through magic float or the hash table collision attack. In all cases participants will get familiar with the most important techniques and functions to be used to mitigate the enlisted risks.

The Java language and the Runtime Environment (JRE) was designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only know how to use the various security features of the Java environment (“Java for security”), but should also be aware of the numerous vulnerabilities that are still relevant for Java development (“security of Java”).

The introduction of security services is preceded with a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves.

Protecting applications that are accessible via the Web requires well-prepared security professional who are at all time aware of current attack methods and trends. Plethora of technologies and environments exist that allow comfortable development of Web applications (like Java, ASP.NET or PHP). One should not only be aware of the security issues relevant to these platforms, but also of all general vulnerabilities that apply regardless of the used development tools.

Testing plays a very important role in ensuring security and robustness of web applications. Various approaches – from high level auditing through penetration testing to ethical hacking – can be applied to find vulnerabilities of different types. However if you want to go beyond the easy-to-find low-hanging fruits, security testing should be well planned and properly executed. Remember: security testers should ideally find all bugs to protect a system, while for adversaries it is enough to find one exploitable vulnerability to penetrate into it.